Data Protection Statement
Last modified on August 31, 2018
Welcome to Roland Berger's Data Protection Statement (“Data Protection Statement”)
Protecting your Personal Data, and complying with the GDPR and other relevant data protection legislation, is something we take very seriously. This statement is intended to give you an overview of how we ensure this protection, what kinds of data we collect and why, and how we deal with it.
By “Personal Data” we mean in accordance with the GDPR any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature, and also includes information such as your name, date of birth, and email address.
Responsibility for data processing and in connection with this Data Protection Statement is with Roland Berger Holding GmbH, Sederanger 1, 80538 Munich, Germany (“Roland Berger”, “we”, “us”). For more detailed information about Roland Berger, please see How to contact us?
Roland Berger uses our website to present general information about our company and what we do. There are some areas of our websites or individual pages which serve more specific purposes.
- There is the applicants' area of our different recruiting websites, where potential applicants can apply for jobs, internships and other positions (refer to the supplementary Data Protection Statement for applicants );
- Then there is our alumni area, where people who used to work for Roland Berger can keep in touch with their ex-colleagues and the company itself (refer to the supplementary Data Protection Statement for alumni );
- We also offer subscription of newsletters, surveys, offers or comparable marketing and information services; if you subscribe to such services, we will send you the respective material by email;
- And there are other pages on specific topics or with specific functions. Details can be found in the contents section of each page.
We collect, process and use data for the reasons above, unless there are more specific reasons, which we will give when collecting that data (e.g. for applicants ). We do not use data other than for its intended purpose in each case.
Personal Data collected automatically
When you visit our websites, we record the following data:
- your IP address;
- the data you requested from the website;
- how much data you downloaded;
- the website from which your accessing system came to our website;
- the server reply code on the request from your browser;
- what kind of browser you used including your browser version;
- the date and time you visited, and for how long; and
- other similar data and information, which serve to avert risks in the event of attacks on our information technology systems.
Roland Berger cannot attribute this data to any specific person as a general rule (unless you log in). We do not combine this data with data from any other sources.
This information is required:
- to properly deliver the contents of our websites;
- to keep our websites optimized at all times;
- to ensure the continued functioning of our information technology systems and the technology of our websites; and
- to provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.
This data is statistically analyzed by Roland Berger in order to increase data protection and data security in our company, so we can ensure the best possible level of protection for the Personal Data we process. These purposes state our legitimate interests for the temporary storage of data on the legal basis of Art. 6 para 1 lit.a) GDPR.
Personal Data obtained from you directly
We record and process information you enter on our websites or send us otherwise. This includes data you enter in forms or contact fields fields (e.g. for the subscription of newsletters), or select from lists or menus.
There are some points in our websites where you can send us information by uploading documents via those websites to our servers. That is what happens when you apply online, for example (refer to the supplementary Data Protection Statement for applicants ).
We also record and process Personal Data when you email someone at Roland Berger. This concerns the contents of your emails as such, but also data obtained from queries to our email server, such as sender and addressee IDs, time stamp, errors or grounds for refusal if mail does not get through. The legal basis for such data processing is Art. 6 para 1 lit.a) GDPR.
When you provide your Personal Data, we will ask you to give your consent for processing that data. In that case, the legal basis for processing is Art. 6 para 1 lit.a) GDPR. You can withdraw your consent at any time with future effect, using mail, fax, or email using the contact details given above under How to contact us? .
Profile and login information for access-protected areas
There are some access-restricted areas of the websites for which you need to register before you can use them, like the recruiting/applicant and alumni areas in particular. When registering, there are some details you have to enter that the registration form itself requires, particularly your email address, a password, and some information about yourself. Any other details you enter are voluntary. We process and save this data in accordance with the supplementary data protection statements for applicants and alumni .
In some areas of our websites, like our alumni network in particular, some of your registration data or contributions you make can be seen by other users once they log in. It is up to you to decide whether you want other registered users of this site to see your information and, if so, what. You can change these settings at any time. During the registration process, we will ask you to give your consent for processing and saving that data. The legal basis for processing that data is Art. 6 para 1 lit.a) GDPR.
You can withdraw your consent to the processing of your Personal Data given in the registration process at any time with future effect, using mail, fax, email using the contact details given above under How to contact us? .
Newsletters / marketing and information services
There are many points on Roland Berger's websites where we offer newsletters or comparable mar-keting and information services. If you would like to use these, we will need a working email address for you and details to enable us to verify that this email address is really yours, or that the person whose address it is agrees to receive the newsletter. For legal reasons, an email will be sent to the email address you provided asking for confirmation in a double-opt-in procedure after signing up to our newsletter. That is the only information we gather. The legal basis for sending you newsletters is Art. 6 para 1 lit.a) GDPR.
The Personal Data collected when registering for the newsletter will be used exclusively for the follow-ing purposes:
- Sending the newsletter
- Consulting, marketing and advertising
- Designing the newsletter according to your needs
- Composing the topics of the newsletter according to your interests
Furthermore, subscribers to the newsletter may be informed by email if necessary for offering the newsletter service or for registration, for example in the event of changes to the offer of the newsletter or changes in technical conditions. In the event that you have agreed to receive newsletters from other companies of the Roland Berger Group , we will share your Personal Data within the Roland Berger Group only for those purposes. The legal basis for this is Art. 6 para 1 lit.a) GDPR. Otherwise your Personal Data collected in the context of the newsletter service will not be passed on to third parties.
You can withdraw your consent to your data and email address being recorded and used to send newsletters and object to the use of your Personal Data for marketing purposes at any time with future effect, either by using the link enclosed to each newsletter email we send you or, alternatively, by directly contacting Roland Berger Holding GmbH via mail, fax, email or using the contact details given above under How to contact us?
Where does data go once it reaches Roland Berger?
Once you send data, or it is collected on our websites, we transmit it within Roland Berger to the recipients that need to know it. Applications, for instance, go to our human resources department and the department for which the position is advertised (refer to the supplementary data protection statement for applicants ).
External service providers
We may share your personal data with external service providers who work on our behalf, such as marketing agencies, e-commerce fulfilment partners, market research companies, software, website hosting and other IT service providers. These external providers are required not to use your Personal Data other than to provide the services requested by us or otherwise in accordance with our instructions.
Within the Roland Berger Group's organization , there is a need to exchange Personal Data on an intragroup basis as Joint Controllers. For this reason, Roland Berger will transfer and share your Personal Data within the Roland Berger Group's organization for the purposes set out in this Data Protection Statement. Roland Berger entities might also be established outside the European Union or the European Economic Area. In such cases, we will ensure that there are adequate safeguards (i.e. EU standard data protection clauses) in place to protect process your Personal Data. We at Roland Berger are responsible to inform you about your rights as data subject under applicable data protection laws. You can address any requests or complaints you may have with regard to your Personal Data to Roland Berger. The other Roland Berger entities within the Roland Berger Group's organization that might also keep your Personal Data will give us reasonable cooperation, assistance and information in order to comply with such requests or complaints.
Sending data to third parties
As a fundamental rule, we do not disclose, transfer, sell or otherwise market Personal Data to third parties, such as other companies or organizations, without your express consent, or as required to meet our contractual obligations between Roland Berger and you, the website user, which make it necessary to transfer such data.
Transfer of data to countries outside the EU/EEA
Where there is a sufficient legal basis, your Personal Data may be transferred to and processed outside the EU/EEA in other countries where laws and provisions governing the processing of Personal Data may be less stringent. In such cases, we will ensure that there are adequate safeguards in place to protect your Personal Data (i.e. EU standard data protection clauses adopted by the EU commission). Further details of these transfers and copies of these agreements are available from us on request here .
Most browsers are initially set to accept cookies. You can disable cookies anytime and hence object to the setting of cookies permanently. You can also delete cookies that have been accepted or have your browser notify you every time a cookie is set through the settings of your browser. Please note that you may not be able to use all functions of these websites if you disable cookies entirely.
Most cookies we use are “session cookies”. We use these to enable your use of our websites and to remember your settings throughout your visit to avoid that you have to reenter your choices several times. Session cookies are deleted automatically at the end of your visit. The purposes stated above constitute our legitimate interests for processing of Personal Data using session cookies on the legal basis of Art. 6 para 1 lit.f) GDPR.
Web Analytics Cookies:
Matomo (formerly PIWIK)
Our website uses a web analytics services provided by Matomo (www.matomo.org; formerly PIWIK). We use the Matomo cookie to collect information on the use of our website from our users including the website from which your accessing system comes to our website, the subsites, which are accessed via an accessing system on our website, the frequency and duration of your visit to our website, and your IP address. We will shorten your IP address to ensure that we cannot identify you personally. We will not use the collected information to compile user profiles or combine information on specific users. The purpose of processing is marketing and optimization of our websites. These purposes constitute our legitimate interests for processing of Personal Data using Matomo on the legal basis of Art. 6 para 1 lit.f) GDPR. Your Personal Data is deleted once the reasons we collected it for cease to apply. That is the case after 180 days.
You can object to the use of your information with effect for the future if you do not wish for your information to be collected and used with a simple mouse click.
If you click into the field below, a so-called opt-out-cookie will be set on your device which allows us to recognize that we may not collect information on your usage. Please note that if you delete cookies from your browser this may affect the opt-out-cookie. You can activate the opt-out-cookie at any time here: Opt out of Matomo here .
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, to help the website analyze how users use the site and optimize our websites. As a rule, the information generated by the cookie about your use of this website will be transmitted to a Google server in the USA and stored there.
You can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available under tools.google.com/dlpage/gaoptout?hl+en&hl=en .
We use the CRM, registration and marketing automation system “HubSpot”, operated by our service provider HubSpot Germany GmbH (Unter den Linden 26, 10117 Berlin, Germany), and its subprocessors Hubspot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) and Hubspot Ireland ltd. (One Dockland Central, Dublin 1, Ireland) on the basis of our legitimate interests (efficient and quick processing of user requests, applications and optimization of our online offer), Art. 6 para. 1 lit. f GDPR. If you consented to the respective cookie notice, we will also be able to use Hubspot for personalized tracking of how you use our website and whether you received and opened our marketing emails sent to you. For this purpose, we have concluded a data processing agreement with Hubspot Germany, and additionally so-called standard contractual clauses, in which HubSpot Inc. undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. HubSpot Inc. is also certified under the Privacy Shield Agreement and thus provides an additional safeguard to comply with European data protection law ( www.privacyshield.gov/list ). Learn more about HubSpot’s data privacy statement here: legal.hubspot.com/privacy-policy
Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register Personal Data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager. The purpose stated above constitutes our legitimate interest for processing of Personal Data using Google Tag Manager on the legal basis of Art. 6 para 1 lit.f) GDPR.
External Services & Embeds
We use the open source mapping tool OpenStreetMap to display geodata. The OpenStreetMap Foundation is based in the UK and operates its servers in Europe. More details, please see the OpenStreetMap Foundation’s privacy statement .
We have embedded YouTube-videos in our website. These videos are stored on www.youtube.com and are directly playable from our website. The video-platform is operated by YouTube, LLC, a company of Google Inc. We have no influence on the data transferred to YouTube. By visiting a website with embedded YouTube-videos a connection between your browser and the Google DoubleClick network may be established. The videos are embedded in an advanced data protection mode. Based on the information given by YouTube, when using the advanced data protection mode, no cookies are placed on your computer and no data about you as a user of our website are transmitted to YouTube if you do not play the videos. Only when you play the videos, the following data is transferred. If you play the embedded videos, YouTube places cookies on your computer and receives the information that you have visited the corresponding subpage of our website. If you are logged in on YouTube, this data is directly associated with your user account. If you do not wish such assignment to your user account on YouTube, you must log out before playing the videos.
YouTube might store this data (also for non-logged-in users) as a user profile and use them for purposes of advertising, market research and need-based design of its website, to provide demand-orientated advertising and to inform other users of the platform about your activities on our website.
You have a right of objection against the generation of such user profiles. To exercise this right to object you need to contact the third-party provider. You will receive further information on the purpose and scope of data collection and processing by the third-party provider as well as on your relevant rights and options for protecting your privacy here or by sending an email to email@example.com .
We have embedded Vimeo-videos in our website. These videos are stored on www.vimeo.com and are directly playable from our website. The video-platform is operated by Vimeo, Inc. By visiting a website with embedded Vimeo-videos a direct connection between your browser and a server of Vimeo in the USA is established. Vimeo stores information about your visit of our website including your IP-address. If you have a Vimeo-account and do not wish that Vimeo collects information about you through this website and associates this information with your member data on Vimeo, you must log out before visiting this website. You will receive further information on the purpose and scope of data collection and processing by the third-party provider as well as on your relevant rights and options for protecting your privacy on vimeo.com/cookie_policy or vimeo.com/privacy .
Some of our sub-sites are hosted on Wix. Wix.com is a cloud based web development platform with millions of users worldwide and operates its servers outside the EU/EEA. Therefore, your Personal Data is transferred outside the EU/EEA. However, Wix.com ensures adequate safeguards for pro-cessing your Personal Data because Wix.com participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Wix.com may also place cookies on your computer when visiting our subsites hosted on Wix. For more insight, you may also want to read here.
Data subjects have rights against Roland Berger Holding GmbH in relation to their Personal Data in compliance with Art. 15-21 GDPR. In particular, you may have the right to:
- request a copy of your Personal Data we hold about you (right of access, Art. 15 GDPR);
- ask that we update the Personal Data we hold about you, or correct any Personal Data that you think is incorrect or incomplete (right to rectification, Art. 16 GDPR);
- ask that we delete Personal Data that we hold about you, or restrict the way in which we use your Personal Data (right to erasure, Art. 17 GDPR and right to restriction of processing, Art. 18 GDPR)
- object to our processing of your Personal Data (right to object, Art. 21 and 22 GDPR)
- request your Personal Data be transferred to you or another data controller (right to data portability, Art. 20 GDPR)
If you are unhappy with the way we have handled your Personal Data or any data protection query or request that you have raised with us, you have a right to complain to the competent supervisory authority.
We store Personal Data according to legal storage periods. We routinely delete this Personal Data or block it, once these periods expire or the reasons for storage cease to apply, following data protection rules.
If you have agreed to a longer duration for storing, processing and using your data, we will delete or block your data after this duration expires or should you revoke your consent (refer to the supplementary data protection statement for applicants ).
The security of your data is important to us: so, all the areas of our websites where you can actively input data use encryption systems such as SSL (Secure Socket Layer) to protect your data against being accessed by unauthorized third parties.
If you register to use access-protected areas of Roland Berger's websites, you should keep the login details you receive carefully and protected against access by third parties. If you log in on a computer that is used by more than one person, please don't forget to log off properly at the end of each session and close the browser window you were using.
Roland Berger takes extensive technical and organizational security precautions to protect your Personal Data against being manipulated, either accidentally or deliberately, or being lost, destroyed or accessed by unauthorized third parties. We are constantly improving these precautions as technology develops.
We welcome your feedback. If you have any comments, complaints or questions regarding this Data Protection Statement or our processing of your Personal Data, or would you like to exercise any of your rights you can contact us:
Roland Berger Holding GmbH
80538 Munich, Germany
The contact details of our data protection officer are:
Roland Berger Holding GmbH
80538 Munich, Germany
This Data Protection Statement was last modified on August 31, 2018. We may occasionally modify or amend it from time to time. When we make changes to this Data Protection Statement we will update the revision data at the top of this Data Protection Statement. Where those changes are material, we will take steps to let you know. The new modified or amended Data Protection Statement will apply from that revision date. Please always verify whether you have consulted the last version of the Data Protection Statement.